Hi John,

I had the same question and the quoted sentence still doesn't explain the why for me. The key rotation explains that it is possible to publish the keys without harm to you, but I don't see a benefit for anybody in publishing the old private keys. If you do, I'd be interested in your opinion 😊

Thanks,
Florian

-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of John Levine via mailop
Sent: Thursday, 27 April 2023 00:23
To: mailop@mailop.org
Cc: oliver.gell...@dm.de
Subject: Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

It appears that Gellner, Oliver via mailop <oliver.gell...@dm.de> said:
>
>> On 26.04.2023 at 04:30 John Levine via mailop wrote:
>>
>> I rotate my keys every month, and publish the old public keys on a
>> web site 10 days after the end of the month so anyone can fake an old
>> signature from me. There's a pointer to the web server in the DNS key
>> records.
>
>Hello John,
>
>is there a particular reason why you are publishing the old keys?

Um, I said why in the first sentence of the paragraph you quoted.

R's,
John
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop